Using the Traceroute Command

A guide to using traceroute and tracert on MacOS, Linux, and Windows systems

Andrew
IPSearch.io
The path from one's computer to a website consists of packets traveling from the computer to a web server. Each point on the route is called a hop, and the speed at which a website or service loads depends on packets moving quickly between all hops on the route.

Fortunately a command exists that allows users to trace the route a request takes to a server. The traceroute command displays data on each hop between the user and the destination and can be used to diagnose where slowness exists between the two.

Traceroute Syntax

The command is different on Windows-based systems than it is on Linux- and Mac-based systems. On both system types the command is followed by the options / flags and then by the destination, such as a website.

MacOS & Linux Command:
traceroute [options] [destination]

Windows Command:
tracert [options] [destination]


How the traceroute command works

The traceroute command works by sending ICMP echo requests with increasing Time to Live (TTL) values. At each hop on the path a packet reaches its TTL limit, and that hop sends back a message showing how long it took to get to that hop. Once the destination has been reached, the full path and the time for each hop will have been sent back to the user.

In the image below the traceroute command with a destination of ipsearch.io is executed on a MacOS computer. Notice the response time for each hop is displayed.

[Screenshot: traceroute to ipsearch.io on MacOS, showing the response time for each hop]
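The TTL mechanism described above, as an added example that is not code from the original article. It sends UDP probes (the MacOS/Linux default noted under -I and -U below) rather than ICMP echo requests; the function names, the base port 33434 and the timeout are assumptions of this example, and the raw ICMP socket needs root.

```python
import socket
import sys
import time

TIME_EXCEEDED, DEST_UNREACHABLE = 11, 3      # ICMP types that answer a probe

def parse_icmp_error(packet):
    """Return (icmp_type, quoted UDP destination port) from a raw IPv4 packet.
    The port is None unless the packet is an ICMP error quoting a UDP probe."""
    if len(packet) < 28:                     # IPv4 header (20) + ICMP header (8)
        return None, None
    ihl = (packet[0] & 0x0F) * 4             # outer IPv4 header length
    if len(packet) < ihl + 8:
        return None, None
    icmp_type = packet[ihl]
    inner = packet[ihl + 8:]                 # quoted IP header + first 8 probe bytes
    if icmp_type not in (TIME_EXCEEDED, DEST_UNREACHABLE) or len(inner) < 20:
        return icmp_type, None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP or len(inner) < inner_ihl + 4:
        return icmp_type, None
    return icmp_type, int.from_bytes(inner[inner_ihl + 2:inner_ihl + 4], "big")

def trace(dest, max_ttl=30, wait=2.0, base_port=33434):
    """Yield (ttl, hop_address, rtt_ms); address and rtt are None on timeout."""
    dest_ip = socket.gethostbyname(dest)
    recv = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for ttl in range(1, max_ttl + 1):
        port = base_port + ttl               # unique port ties a reply to this probe
        send.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        start = time.monotonic()
        send.sendto(b"", (dest_ip, port))
        hop = rtt = kind = None
        while hop is None and (left := start + wait - time.monotonic()) > 0:
            recv.settimeout(left)
            try:
                packet, (addr, _) = recv.recvfrom(512)
            except socket.timeout:
                break
            kind, quoted_port = parse_icmp_error(packet)
            if quoted_port == port:          # reply belongs to this TTL's probe
                hop, rtt = addr, (time.monotonic() - start) * 1000
        yield ttl, hop, rtt
        if hop and kind == DEST_UNREACHABLE: # unreachable reply ends the trace
            break

if __name__ == "__main__":
    for ttl, hop, rtt in trace(sys.argv[1]):
        print(ttl, hop or "*", f"{rtt:.2f} ms" if rtt is not None else "")
```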

Two common reasons to use traceroute

1) Connection timeouts: If your request is timing out, traceroute can determine which router between you and the destination is causing the problem.

2) Route Analysis: You can use traceroute to understand how well each hop between you and the destination performs. This can in turn be used to address bottlenecks and potential issues with the network.

MacOS / Linux Traceroute Options (flags)

Option: Description
-i <interface>: Specifies the network interface to use for traceroute operations.
-m <max_ttl>: Sets the maximum Time-to-Live (TTL) or number of hops. This controls how far the packet can travel before being discarded.
-n: Avoids DNS name resolution. This makes traceroute faster by not resolving the IP addresses to hostnames.
-q <nqueries>: Specifies the number of query packets sent at each TTL level. The default is usually three.
-p <port>: Indicates the destination port to use. Useful when the default port is filtered or when exploring service-specific issues.
-s <src_addr>: Sets the source address of the outgoing packet. Useful on machines with multiple interfaces.
-t <tos>: Sets the Type of Service (TOS) field in the packets sent. This can influence the route taken by packets through networks that differentiate types of service.
-w <waittime>: Sets the timeout in seconds to wait for a response to a probe.
-g <gateway>: Specifies a loose source route gateway (IPv4 only). Multiple -g options are allowed.
-r: Bypasses the normal routing tables and sends directly to a host on an attached network. Only the super-user may use this option.
-f <first_ttl>: Sets the initial TTL used in the first outgoing probe packet.
-I: Uses ICMP ECHO instead of UDP datagrams (more routers and firewalls will process ICMP than UDP).
-T: Uses TCP SYN for probes to a specified port, which can be set with -p. This helps penetrate through firewalls and routers that block UDP or ICMP.
-U: Uses UDP datagrams instead of the default. This is often redundant since UDP is usually the default except when -I or -T is specified.
-A: Attempts to map the IP address of each hop to its Autonomous System (AS) and shows the ASN and corresponding network in the output.
-F: Sets the "don't fragment" bit.
-d: Enables socket-level debugging (only effective when used by super-users).
-v: Verbose output. Lists ICMP packets other than TIME_EXCEEDED and UNREACHABLE.
-z <pause>: A minimal pause (in seconds) between probes (default 0). Useful to avoid rate limits on some links.
-N <npackets>: Sends more than one probe simultaneously (can speed up traceroute operations).

Windows Tracert Options (flags)

Option: Description
-d: Suppresses the attempt to resolve IP addresses to hostnames, thus speeding up the tracing process.
-h <max_hops>: Specifies the maximum number of hops to search for the target. This can be useful for determining where packets are being dropped in the network.
-j <host-list>: Uses the loose source route option in the IP header to send packets directly to a gateway en route to the destination. The host list is a series of IP addresses separated by spaces.
-w <timeout>: Sets the timeout in milliseconds to wait for each reply. This is particularly useful in slower network environments where responses may be delayed.
-R: Traces the round-trip path (IPv6 only). This flag tells tracert to trace the return route to the origin, which can help diagnose routing loopbacks and return path issues.
-S <srcaddr>: Specifies the source address to use in the outgoing packet headers (IPv6 only). This is useful for specifying which IPv6 address to use on a multi-homed system.
-4: Forces the use of IPv4. This can be useful when the network destination supports both IPv4 and IPv6, and you need to specifically diagnose the IPv4 route.
-6: Forces the use of IPv6. This is necessary when the destination is known to be an IPv6 address or when testing the IPv6 infrastructure.

Challenges with traceroute

Some networks, especially corporate networks, may block the return packet and thus render traceroute useless. Another challenge arises when the return path for a packet is different. In most cases the traceroute command will work and will be a useful tool for diagnosing connectivity issues or just determining the path and time it takes for you to reach a destination.
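The two uses listed earlier (locating a timeout, analyzing per-hop performance) and the blocked-reply caveat above can be checked mechanically. The following is an added example, not part of the original article; it assumes the MacOS/Linux `traceroute -n` output layout, and the sample trace is constructed from documentation addresses.

```python
import re
from statistics import median

# Constructed sample of `traceroute -n` output (not a real trace).
SAMPLE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1  1.10 ms  0.95 ms  1.02 ms
 2  198.51.100.1  8.40 ms  9.10 ms  8.75 ms
 3  * * *
 4  198.51.100.9  61.20 ms  60.80 ms *
 5  203.0.113.80  62.00 ms  61.50 ms  61.90 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")

def parse(output):
    """Return one dict per hop: number, responding address, RTTs, lost probes."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                          # header line
        rest = m.group(2)
        addr = re.search(r"\d+\.\d+\.\d+\.\d+", rest)
        hops.append({"hop": int(m.group(1)),
                     "addr": addr.group(0) if addr else None,
                     "rtts": [float(x) for x in re.findall(r"([\d.]+) ms", rest)],
                     "lost": rest.split().count("*")})
    return hops

def analyze(hops):
    """Find where replies stop for good and where median latency jumps most."""
    if not hops:
        raise ValueError("no hop lines found")
    answered = [h for h in hops if h["rtts"]]
    last = answered[-1]["hop"] if answered else 0
    # A silent hop followed by answering hops only withholds replies;
    # traffic still passes through it, so it is not the point of failure.
    silent_transit = [h["hop"] for h in hops if not h["rtts"] and h["hop"] < last]
    dead_from = last + 1 if last < hops[-1]["hop"] else None
    jump, prev = (None, 0.0), None
    for h in answered:
        med = median(h["rtts"])
        if prev is not None and med - prev > jump[1]:
            jump = (h["hop"], round(med - prev, 2))
        prev = med
    return {"silent_transit": silent_transit, "dead_from": dead_from,
            "biggest_jump": jump}
```

A jump that does not persist to later hops usually means that router answers probes slowly, not that it forwards traffic slowly.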
 
